Dark Reading: Threat Intel and Cybersecurity News
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-26207
PUBLISHED: 2020-11-04

DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file.
The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.

CVE-2020-27690
PUBLISHED: 2020-11-04

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.

CVE-2020-27691
PUBLISHED: 2020-11-04

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.

CVE-2020-27692
PUBLISHED: 2020-11-04

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possib…

CVE-2019-7356
PUBLISHED: 2020-11-04

Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.